Sorry for non-list post


Glenn English-2
On 8/21/19 1:21 PM, Wietse Venema wrote:

> If you can be more specific about "blackHats hitting in my DNS from
> cloud9" (like, what kinds of traffic are you referring to?), then
> maybe I can provide you with actionable information.

They just send to UDP 53 and quit. What I want to do is deny the packet
in my router, but always allow the important IP(s).

--
Glenn English

Re: Sorry for non-list post

Wietse Venema
ghe:
> On 8/21/19 1:21 PM, Wietse Venema wrote:
>
> > If you can be more specific about "blackHats hitting in my DNS from
> > cloud9" (like, what kinds of traffic are you referring to?), then
> > maybe I can provide you with actionable information.
>
> They just send to UDP 53 and quit. What I want to do is deny the packet
> in my router, but always allow the important IP(s).

UDP/53 is DNS. There will be a hit each time there is email for you
from a Postfix mailing list, with one request that has type MX, and
one or more requests that have type A or AAAA.

        Wietse
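
An added example, not part of the original thread: one way to see what kinds of traffic the UDP/53 hits are is to parse the question section of each DNS query and separate the MX/A/AAAA types described above from everything else. The sample packets, addresses and the names `build_query`, `parse_question` and `summarize` are constructed for this illustration.

```python
import struct
from collections import Counter

QTYPES = {1: "A", 2: "NS", 15: "MX", 16: "TXT", 28: "AAAA", 255: "ANY"}
MAIL_TYPES = {"MX", "A", "AAAA"}  # query types a sending MTA uses, per the reply above

def build_query(name, qtype, txid=0x1234):
    """Construct a minimal DNS query payload (helper for the sample data only)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_question(payload):
    """Return (qname, qtype) for a well-formed single-question query, else None."""
    if len(payload) < 12:
        return None
    _, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount != 1:  # QR bit set means a response, not a query
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        if length > 63 or pos + 1 + length > len(payload):
            return None  # compression pointer or overrun; not valid in a lone question
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    pos += 1  # skip the terminating root label
    if pos + 4 > len(payload):
        return None  # truncated before QTYPE/QCLASS
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels).lower(), QTYPES.get(qtype, f"TYPE{qtype}")

def summarize(packets):
    """Count (source, category) pairs: 'mail-type', 'other' or 'malformed'."""
    counts = Counter()
    for src, payload in packets:
        q = parse_question(payload)
        cat = "malformed" if q is None else ("mail-type" if q[1] in MAIL_TYPES else "other")
        counts[(src, cat)] += 1
    return counts

# Constructed sample traffic (documentation addresses and example.org, not from the thread).
SAMPLE = [
    ("192.0.2.10", build_query("example.org", 15)),
    ("192.0.2.10", build_query("mail.example.org", 1)),
    ("192.0.2.10", build_query("mail.example.org", 28)),
    ("198.51.100.7", build_query("example.org", 255)),
    ("198.51.100.7", b"\x00\x01\x02"),
]
```

The `mail-type` label only says the query type matches what a mail sender would ask for; it does not identify who is asking.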

Re: Sorry for non-list post

Glenn English-2
On 8/21/19 2:21 PM, Wietse Venema wrote:

> UDP/53 is DNS. There will be a hit each time there is email for you
> from a Postfix mailing list, with one request that has type MX, and
> one or more requests that have type A or AAAA.

I get thousands a day from China and Brazil and all over. They aren't
looking for an IP, they just want to be a significant nuisance. DNS hits
are by far the most traffic at my little domain.

--
Glenn English

Re: Sorry for non-list post

Matus UHLAR - fantomas
>On 8/21/19 2:21 PM, Wietse Venema wrote:
>> UDP/53 is DNS. There will be a hit each time there is email for you
>> from a Postfix mailing list, with one request that has type MX, and
>> one or more requests that have type A or AAAA.

On 21.08.19 14:50, ghe wrote:
>I get thousands a day from China and Brazil and all over. They aren't
>looking for an IP, they just want to be a significant nuisance. DNS hits
>are by far the most traffic at my little domain.

If you run a DNS server and have a domain delegated to it, accept the fact that
they will query it.  If not, disable DNS queries from outside.
And, since this is not a Postfix issue, this should be all that is said about that.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
LSD will make your ECS screen display 16.7 million colors